
Best DNS Server you can Self-Host in 2023

Choose the best DNS server to improve your web experience. Learn which DNS server offers the highest speed, best features, and security.

Choosing a DNS Server for your home network or home lab environment is crucial to performance and security. There are many public DNS servers that can be used for DNS queries. However, in this post, we will look at the best DNS server you can self-host, with five options for the best features, security, and performance.

Selecting the Best DNS Servers

When searching for the best DNS servers, several factors come into play. These include the server’s ability to manage DNS queries efficiently, its compatibility with different IP addresses, and its ability to implement secure DNS services. Also, alongside a firewall, a DNS server can help block malicious websites, phishing sites, spyware, and other threats, and content filtering for kids is important as well.

Many well-known public DNS servers exist for lookups, from well-known options like Google DNS, OpenDNS, Quad9, and Cloudflare DNS to more specialized services like Comodo Secure DNS, or even the default DNS servers from your ISP as an option. These are great DNS options for systems as they have protection built in from things like DDoS, cyberattacks, and other threats.

However, in addition to these public DNS providers, let’s dive into the best free DNS service solutions you can self-host in your home network or home lab environment and the features of each. Note the following example solutions in the list:

  1. Technitium
  2. Pi-hole with Unbound
  3. PowerDNS
  4. AdGuard Home
  5. BIND

1. Technitium: Customizability and Control

Technitium is a great DNS server. It stands out for its features and capabilities and for its ease of installation and configuration. I wrote a blog post covering Technitium here if you would like to see my thoughts on standing it up in the home lab and configuring it as a recursive DNS server for your network: Technitium DNS Server in Docker: Is this the Best Home Server DNS?.

It has a wide range of features, like DNSSEC support and the ability to create multiple conditional forwarding zones, which is great for home labbers. I found this to be one of the best open-source DNS solutions I have used. You can look at additional information, but Technitium is highly regarded by many in the community.

Feature | Description
Platform Support | Windows, Linux, macOS, Raspberry Pi, Docker
DNS Protocols | DNS-over-HTTPS, DNS-over-TLS, DNS-over-QUIC
Performance | High performance; over 100,000 requests/second
DNSSEC Support | Yes, with RSA & ECDSA algorithms
Advanced Caching | Serve stale, prefetching, auto prefetching
Zone Support | Primary, Secondary, Stub, Conditional Forwarder
Ad Blocking | Built-in at DNS level
Forwarders | Manual or predefined list (CloudFlare, Google, etc.)
Extensibility | Built-in app store for extensions

Technitium dns server

Pros and Features:

  • Free and open-source, runs on multiple platforms including Windows, Linux, macOS, and Raspberry Pi.
  • Supports DNS-over-HTTPS, DNS-over-TLS, and DNS-over-QUIC.
  • High-performance, handling millions of requests per minute.
  • Features like DNSSEC validation, advanced caching, and support for various zone types.
  • Built-in ad blocking at the DNS level.
  • Configurable forwarders with a list of public DNS services.
  • Built-in app “store” for feature extensions.
  • Multiple conditional forwarder zones

Cons:

  • It may have a steeper learning curve than other solutions

2. Pi-hole with Unbound: The Ad-Blocking Duo

Combining Pi-hole with Unbound is a great way to block ads and improve browsing speed compared to using the DNS settings from your Internet Service Provider for DNS requests and queries. It can also provide protection and block things like malware. Pi-hole filters content at the DNS level, while Unbound provides a recursive DNS server that is quick and secure, using secure DNS and caching. Pi-hole is great for family protection and keeping your kids safe.

Check out the best Pi-Hole adlists in 2023 here: Best Pihole Adlists in 2023.

Pi hole dns server

Feature | Description
Privacy | Enhanced privacy by hosting locally
Security | Reduced DNS poisoning attack risk
Caching | Efficient caching for minimized queries
Blocking Lists | Applies blocking lists for ad and tracker blocking
Recursive DNS | Operates a private recursive DNS server
Conditional Forwarder | Provides conditional forwarding for one (1) domain

Unbound caching dns server

Pros:

  • Enhanced privacy by allowing direct contact with responsive servers, reducing tracking.
  • Reduced risk of DNS poisoning attacks by operating a private recursive DNS server.

Cons:

  • With Pi-hole you can only conditionally forward 1 domain name
  • More difficult to set up with Unbound than Pi-hole by itself

3. PowerDNS: The Versatile Solution

PowerDNS is used by many, even ISPs. It’s an ideal choice for a DNS server that can efficiently handle a high volume of DNS queries (probably overkill for DNS at home, but no harm there). It has advanced features that cater to both beginner users and experienced admins. It can also use a backend database for data and reporting.

Powerdns server

Feature | Description
Performance | High performance and scalability
Flexible Backends | Supports multiple backend databases
DNSSEC Support | Complete DNSSEC support
Dynamic Updates | Allows authorized clients to modify DNS records
API Integration | Comes with an HTTP-based API
Geo-Redundancy | Geographical load balancing and failover capabilities
Use Cases | Suitable for enterprises, service providers, and security-focused organizations

Pros:

  • High performance and scalability, handling many queries per second.
  • Supports multiple backend databases, offering flexibility and modular architecture.
  • Complete DNSSEC support, enhancing security.
  • Features dynamic updates and API integration.
  • Geo-redundancy capabilities, improving performance and resilience.
  • Suitable for various use cases, including complex DNS infrastructures and security-focused organizations

Cons:

  • More difficult to set up than some of the other solutions
  • You have to configure a GUI in addition to the DNS solution

4. AdGuard Home: Privacy and Security First

AdGuard Home focuses on privacy and security. It can block ads but also protect against tracking and phishing. It is effective for those concerned about internet security and maintaining a family-friendly online environment for parents and kids, with blocking lists that block based on different categories.

If you would like to install Adguard, check out my tutorial here: Adguard Home Docker Compose with Traefik Ingress.

Adguard home dns server

Feature | Description
Ad Blocking | Blocks ads and trackers before download
Parental Controls | Built-in controls
User Interface | Clean UI and logically structured menu
Platform Support | Runs on almost every operating system
Compatibility | Works with devices lacking ad blocker support

Pros:

  • Blocks ads and trackers before they’re downloaded.
  • Includes built-in parental controls.
  • Features a clean UI and logically structured menu.
  • Open source and under rapid development.
  • Runs on almost every operating system without needing powerful hardware.
  • Works with devices that don’t support ad blockers, like smart TVs.

Cons:

  • Cannot block all types of ads, like YouTube pre-roll ads, though this can be a con of other solutions too
  • Some don’t like the interface as well as Pi-hole’s

5. BIND: The Established Choice

BIND, or Berkeley Internet Name Domain, is one of the most well-known DNS servers in use. It is extremely reliable and flexible. It is widely used in the enterprise, but can also be very good to use at home as a learning experiment and for practical DNS applications. It is both stable and secure.

Check out my walkthrough of BIND here: Lightweight DNS Server for VMware Lab.

Bind dns server

Feature | Description
Community Support | Broad usage and strong open source community
Stability | Used in millions of production DNS servers
Platform Support | Supports Linux, NetBSD, FreeBSD, OpenBSD, macOS, Windows
Functionality | Covers all basic DNS functionalities

Pros:

  • Broad usage and strong community support, making it a standard in Linux systems.
  • Known for stable and predictable operation.
  • Supports a wide range of platforms.
  • Covers all basic DNS functionalities.

Cons:

  • Lacks APIs, which makes automation of configuration and deployment more difficult
  • Not as intuitive and must be configured from the command line primarily

The Role of DNS in Internet Connectivity

DNS servers are the “phone book” of the Internet and translate the human-readable domain names that we can remember to the underlying IP addresses that are not easy to remember. When you open a browser and type in the name of a site on a PC, Android or iPhone, PS4, computer, etc, whether you are on a LAN or Wi-Fi connection, your DNS server looks up the name and translates it to the IP that your device can use to connect to the web server or other resource, locally, or across the world.

Understanding the impact of DNS servers on Internet connection is key. It does make a difference which DNS server addresses you configure in your network connection. Not all free DNS servers are created equal. Where do you configure DNS settings? Below, we see the IPv4 (or IPv6) properties in Windows 11. On the General tab, you will see the primary and secondary DNS servers you can configure. Configuring two servers is best, as it helps ensure uptime and that everything stays reachable in case the primary server is down or unreachable. Keep in mind these are not used for load balancing per se, but for failover.

Configuring primary and secondary dns servers in windows

Why DNS Caching is Key to Performance

One of the primary advantages of running your own DNS server at home is the ability to cache DNS queries. So, instead of your devices reaching out to the Internet for a DNS hostname and resolving that to an IP address, you bring that exchange local to your home network. Many routers and other commodity network devices may also cache queries, but they don’t provide the features and capabilities of the solutions we have covered.

With DNS caching, queries are stored temporarily which reduces the need to repeatedly resolve the same domain names. This process speeds up website loading times due to faster name resolution.

Once a DNS server caches a domain name, further requests for that domain can be answered quickly, bypassing the process of querying multiple DNS servers. This accelerates web page access and reduces the load on DNS servers. This makes the overall DNS name resolution process more efficient. Note the following tests I performed with DNS Benchmark.

Below, the DNS Benchmark (dnsperf) results show the latency and speed of the DNS servers. The first IP address in the list is my local caching DNS server, which I have configured and which my router hands out to clients. You can see the relative speed of all the rest. This directly impacts games, apps, and all other connections.

Dns benchmark 1

You can see the cached and uncached latency for query results for my on-premises DNS server. For cached, it is about 2 milliseconds and uncached about 40.

Dns benchmark 2

Now, you can see the difference in a public DNS server and the latency between the query results. For cached queries it is about 26 milliseconds and 79 milliseconds for uncached.

Dns benchmark 3
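
The caching behaviour described in this section, as an added example (not from the original post or from any of the DNS servers listed): a minimal TTL-honouring cache in front of a stand-in upstream lookup. `CachingResolver`, `FakeClock`, `demo`, the `.test` names and the `max_ttl` cap are assumptions for illustration; the cap shows why a resolver bounds how long any single answer, including a bad one, can stay cached.

```python
import time

class CachingResolver:
    """Local cache in front of an upstream lookup, honouring record TTLs."""

    def __init__(self, upstream, clock=time.monotonic, max_ttl=86400):
        self.upstream = upstream  # callable(name, qtype) -> (answer, ttl_seconds)
        self.clock = clock        # injectable so expiry can be shown without sleeping
        self.max_ttl = max_ttl    # cap: no single answer stays cached longer than this
        self.cache = {}           # (name, qtype) -> (answer, expires_at)
        self.hits = self.misses = 0

    def resolve(self, name, qtype="A"):
        key = (name.rstrip(".").lower(), qtype)  # DNS names are case-insensitive
        now = self.clock()
        entry = self.cache.get(key)
        if entry is not None and entry[1] > now:
            self.hits += 1
            return entry[0], "cached"
        self.misses += 1                         # miss or expired: ask upstream
        answer, ttl = self.upstream(*key)
        ttl = max(0, min(int(ttl), self.max_ttl))
        self.cache[key] = (answer, now + ttl)
        return answer, "uncached"

class FakeClock:
    def __init__(self):
        self.now = 0.0
    def __call__(self):
        return self.now

def demo():
    """Constructed data: one normal record, one with an excessive TTL."""
    records = {("example.test", "A"): ("192.0.2.10", 300),
               ("longlived.test", "A"): ("192.0.2.20", 10**9)}
    calls = []
    def upstream(name, qtype):
        calls.append(name)
        return records[(name, qtype)]
    clock = FakeClock()
    r = CachingResolver(upstream, clock=clock, max_ttl=3600)
    trace = [r.resolve("example.test")[1], r.resolve("Example.TEST.")[1]]
    r.resolve("longlived.test")
    clock.now += 301                               # past the 300 s TTL
    trace.append(r.resolve("example.test")[1])     # expired, refetched
    trace.append(r.resolve("longlived.test")[1])   # still inside the 3600 s cap
    clock.now += 3600                              # past the cap
    trace.append(r.resolve("longlived.test")[1])   # refetched despite the huge TTL
    return trace, len(calls), r.hits, r.misses
```

Only the "uncached" lookups reach the upstream, which is where the latency gap between cached and uncached queries in the benchmarks above comes from.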

Wrapping up Best DNS Server for your needs

Having your own self-hosted DNS server provides advantages. You can benefit from the super fast speed of cached queries accessible from your LAN and reduce the number of outbound DNS connections to the Internet. This will be noticeable for most when it comes to things like gaming, self-hosting, application response, and other use cases. The five solutions I mentioned in the post are some of today’s best solutions. However, no matter which one you try, they will all greatly benefit your home Internet experience and help keep your environment safe.




Brandon Lee

Brandon Lee is the Senior Writer, Engineer and owner at Virtualizationhowto.com, and a 7-time VMware vExpert, with over two decades of experience in Information Technology. Having worked for numerous Fortune 500 companies as well as in various industries, he has extensive experience in various IT segments and is a strong advocate for open source technologies. Brandon holds many industry certifications, loves the outdoors and spending time with family. Also, he goes through the effort of testing and troubleshooting issues, so you don't have to.
